Code injection

2013-05-2315:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

CPENameOperatorVersion
elggeq1.7.15
elggeq1.7.8
elggeq1.7.13
elggeq1.7.7
elggeq1.7.3
elggeq1.8.3
elggeq1.7.2
elggeq1.7.6
elggeq1.7.1
elggle1.8.4

Name	Operator	Version
elgg	eq	1.7.15
elgg	eq	1.7.8
elgg	eq	1.7.13
elgg	eq	1.7.7
elgg	eq	1.7.3
elgg	eq	1.8.3
elgg	eq	1.7.2
elgg	eq	1.7.6
elgg	eq	1.7.1
elgg	le	1.8.4

Rows per page:

1-10 of 231

References

blog.elgg.org/pg/blog/evan/read/209/elgg-185-released

elgg.org/getelgg.php?forward=elgg-1.8.5.zip

secunia.com/advisories/49129

www.securityfocus.com/bid/53623

exchange.xforce.ibmcloud.com/vulnerabilities/75757